OpenDNSSEC-signer 1.3.0rc3
|
00001 /* 00002 * $Id: signconfparser.c 5227 2011-06-12 08:51:24Z jakob $ 00003 * 00004 * Copyright (c) 2009 NLNet Labs. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 1. Redistributions of source code must retain the above copyright 00010 * notice, this list of conditions and the following disclaimer. 00011 * 2. Redistributions in binary form must reproduce the above copyright 00012 * notice, this list of conditions and the following disclaimer in the 00013 * documentation and/or other materials provided with the distribution. 00014 * 00015 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 00016 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 00017 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00018 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 00019 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00020 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 00021 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 00022 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 00023 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 00024 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 00025 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00026 * 00027 */ 00028 00034 #include "parser/confparser.h" 00035 #include "parser/signconfparser.h" 00036 #include "shared/allocator.h" 00037 #include "shared/duration.h" 00038 #include "shared/log.h" 00039 #include "signer/keys.h" 00040 00041 #include <libxml/parser.h> 00042 #include <libxml/xpath.h> 00043 #include <libxml/xpathInternals.h> 00044 #include <libxml/xmlreader.h> 00045 #include <stdlib.h> 00046 00047 static const char* parser_str = "parser"; 00048 00049 00054 keylist_type* 00055 parse_sc_keys(allocator_type* allocator, const char* cfgfile) 00056 { 00057 xmlDocPtr doc = NULL; 00058 xmlXPathContextPtr xpathCtx = NULL; 00059 xmlXPathObjectPtr xpathObj = NULL; 00060 xmlNode* curNode = NULL; 00061 xmlChar* xexpr = NULL; 00062 key_type* new_key = NULL; 00063 keylist_type* kl = NULL; 00064 char* locator = NULL; 00065 char* flags = NULL; 00066 char* algorithm = NULL; 00067 int ksk, zsk, publish, i; 00068 00069 if (!cfgfile) { 00070 ods_log_error("[%s] could not parse <Keys>, no cfgfile given", 00071 parser_str); 00072 return NULL; 00073 } 00074 ods_log_assert(cfgfile); 00075 00076 /* Load XML document */ 00077 doc = xmlParseFile(cfgfile); 00078 if (doc == NULL) { 00079 ods_log_error("[%s] could not parse <Keys>, xmlParseFile failed", 00080 parser_str); 00081 return NULL; 00082 } 00083 /* Create xpath evaluation context */ 00084 xpathCtx = xmlXPathNewContext(doc); 00085 if(xpathCtx == NULL) { 00086 xmlFreeDoc(doc); 00087 ods_log_error("[%s] could not parse <Keys>, xmlXPathNewContext failed", 00088 parser_str); 00089 return NULL; 00090 } 00091 /* Evaluate xpath expression */ 00092 xexpr = (xmlChar*) "//SignerConfiguration/Zone/Keys/Key"; 00093 xpathObj = xmlXPathEvalExpression(xexpr, xpathCtx); 00094 if(xpathObj == NULL) { 00095 xmlXPathFreeContext(xpathCtx); 00096 xmlFreeDoc(doc); 00097 ods_log_error("[%s] could not parse <Keys>, xmlXPathEvalExpression " 00098 "failed", parser_str); 00099 return NULL; 00100 } 00101 00102 kl = keylist_create(allocator); 00103 if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr > 0) { 00104 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) { 00105 locator = NULL; 00106 flags = NULL; 00107 algorithm = NULL; 00108 ksk = 0; 00109 zsk = 0; 00110 publish = 0; 00111 00112 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode; 00113 while (curNode) { 00114 if (xmlStrEqual(curNode->name, (const xmlChar *)"Locator")) { 00115 locator = (char *) xmlNodeGetContent(curNode); 00116 } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Algorithm")) { 00117 algorithm = (char *) xmlNodeGetContent(curNode); 00118 } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Flags")) { 00119 flags = (char *) xmlNodeGetContent(curNode); 00120 } else if (xmlStrEqual(curNode->name, (const xmlChar *)"KSK")) { 00121 ksk = 1; 00122 } else if (xmlStrEqual(curNode->name, (const xmlChar *)"ZSK")) { 00123 zsk = 1; 00124 } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Publish")) { 00125 publish = 1; 00126 } 00127 curNode = curNode->next; 00128 } 00129 if (locator && algorithm && flags) { 00130 new_key = key_create(allocator, locator, 00131 (uint8_t) atoi(algorithm), (uint32_t) atoi(flags), 00132 publish, ksk, zsk); 00133 if (keylist_push(kl, new_key) != ODS_STATUS_OK) { 00134 ods_log_error("[%s] failed to push key %s to key list", 00135 parser_str, locator); 00136 } 00137 } else { 00138 ods_log_error("[%s] Key missing required elements, skipping", 00139 parser_str); 00140 } 00141 free((void*)locator); 00142 free((void*)algorithm); 00143 free((void*)flags); 00144 } 00145 } 00146 00147 xmlXPathFreeObject(xpathObj); 00148 xmlXPathFreeContext(xpathCtx); 00149 if (doc) { 00150 xmlFreeDoc(doc); 00151 } 00152 return kl; 00153 } 00154 00155 00160 duration_type* 00161 parse_sc_sig_resign_interval(const char* cfgfile) 00162 { 00163 duration_type* duration = NULL; 00164 const char* str = parse_conf_string(cfgfile, 00165 "//SignerConfiguration/Zone/Signatures/Resign", 00166 1); 00167 if (!str) { 00168 return NULL; 00169 } 00170 duration = duration_create_from_string(str); 00171 free((void*)str); 00172 return duration; 00173 } 00174 00175 00176 duration_type* 00177 parse_sc_sig_refresh_interval(const char* cfgfile) 00178 { 00179 duration_type* duration = NULL; 00180 const char* str = parse_conf_string(cfgfile, 00181 "//SignerConfiguration/Zone/Signatures/Refresh", 00182 1); 00183 if (!str) { 00184 return NULL; 00185 } 00186 duration = duration_create_from_string(str); 00187 free((void*)str); 00188 return duration; 00189 } 00190 00191 00192 duration_type* 00193 parse_sc_sig_validity_default(const char* cfgfile) 00194 { 00195 duration_type* duration = NULL; 00196 const char* str = parse_conf_string(cfgfile, 00197 "//SignerConfiguration/Zone/Signatures/Validity/Default", 00198 1); 00199 if (!str) { 00200 return NULL; 00201 } 00202 duration = duration_create_from_string(str); 00203 free((void*)str); 00204 return duration; 00205 } 00206 00207 00208 duration_type* 00209 parse_sc_sig_validity_denial(const char* cfgfile) 00210 { 00211 duration_type* duration = NULL; 00212 const char* str = parse_conf_string(cfgfile, 00213 "//SignerConfiguration/Zone/Signatures/Validity/Denial", 00214 1); 00215 if (!str) { 00216 return NULL; 00217 } 00218 duration = duration_create_from_string(str); 00219 free((void*)str); 00220 return duration; 00221 } 00222 00223 00224 duration_type* 00225 parse_sc_sig_jitter(const char* cfgfile) 00226 { 00227 duration_type* duration = NULL; 00228 const char* str = parse_conf_string(cfgfile, 00229 "//SignerConfiguration/Zone/Signatures/Jitter", 00230 1); 00231 if (!str) { 00232 return NULL; 00233 } 00234 duration = duration_create_from_string(str); 00235 free((void*)str); 00236 return duration; 00237 } 00238 00239 00240 duration_type* 00241 parse_sc_sig_inception_offset(const char* cfgfile) 00242 { 00243 duration_type* duration = NULL; 00244 const char* str = parse_conf_string(cfgfile, 00245 "//SignerConfiguration/Zone/Signatures/InceptionOffset", 00246 1); 00247 if (!str) { 00248 return NULL; 00249 } 00250 duration = duration_create_from_string(str); 00251 free((void*)str); 00252 return duration; 00253 } 00254 00255 00256 duration_type* 00257 parse_sc_dnskey_ttl(const char* cfgfile) 00258 { 00259 duration_type* duration = NULL; 00260 const char* str = parse_conf_string(cfgfile, 00261 "//SignerConfiguration/Zone/Keys/TTL", 00262 1); 00263 if (!str) { 00264 return NULL; 00265 } 00266 duration = duration_create_from_string(str); 00267 free((void*)str); 00268 return duration; 00269 } 00270 00271 00272 duration_type* 00273 parse_sc_soa_ttl(const char* cfgfile) 00274 { 00275 duration_type* duration = NULL; 00276 const char* str = parse_conf_string(cfgfile, 00277 "//SignerConfiguration/Zone/SOA/TTL", 00278 1); 00279 if (!str) { 00280 return NULL; 00281 } 00282 duration = duration_create_from_string(str); 00283 free((void*)str); 00284 return duration; 00285 } 00286 00287 00288 duration_type* 00289 parse_sc_soa_min(const char* cfgfile) 00290 { 00291 duration_type* duration = NULL; 00292 const char* str = parse_conf_string(cfgfile, 00293 "//SignerConfiguration/Zone/SOA/Minimum", 00294 1); 00295 if (!str) { 00296 return NULL; 00297 } 00298 duration = duration_create_from_string(str); 00299 free((void*)str); 00300 return duration; 00301 } 00302 00303 00308 ldns_rr_type 00309 parse_sc_nsec_type(const char* cfgfile) 00310 { 00311 const char* str = parse_conf_string(cfgfile, 00312 "//SignerConfiguration/Zone/Denial/NSEC3", 00313 0); 00314 if (str) { 00315 free((void*)str); 00316 return LDNS_RR_TYPE_NSEC3; 00317 } 00318 00319 str = parse_conf_string(cfgfile, 00320 "//SignerConfiguration/Zone/Denial/NSEC", 00321 0); 00322 if (str) { 00323 free((void*)str); 00324 return LDNS_RR_TYPE_NSEC; 00325 } 00326 00327 return LDNS_RR_TYPE_FIRST; 00328 } 00329 00330 00335 uint32_t 00336 parse_sc_nsec3_algorithm(const char* cfgfile) 00337 { 00338 int ret = 0; 00339 const char* str = parse_conf_string(cfgfile, 00340 "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm", 00341 1); 00342 if (str) { 00343 if (strlen(str) > 0) { 00344 ret = atoi(str); 00345 } 00346 free((void*)str); 00347 } 00348 return ret; 00349 } 00350 00351 00352 uint32_t 00353 parse_sc_nsec3_iterations(const char* cfgfile) 00354 { 00355 int ret = 0; 00356 const char* str = parse_conf_string(cfgfile, 00357 "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations", 00358 1); 00359 if (str) { 00360 if (strlen(str) > 0) { 00361 ret = atoi(str); 00362 } 00363 free((void*)str); 00364 } 00365 return ret; 00366 } 00367 00368 00373 int 00374 parse_sc_dnskey_ttl_use(const char* cfgfile) 00375 { 00376 int ret = 0; 00377 const char* str = parse_conf_string(cfgfile, 00378 "//SignerConfiguration/Zone/Keys/TTL", 00379 0); 00380 if (str) { 00381 if (strlen(str) > 0) { 00382 ret = 1; 00383 } 00384 free((void*)str); 00385 } 00386 return ret; 00387 } 00388 00389 00390 int 00391 parse_sc_soa_ttl_use(const char* cfgfile) 00392 { 00393 int ret = 0; 00394 const char* str = parse_conf_string(cfgfile, 00395 "//SignerConfiguration/Zone/SOA/TTL", 00396 0); 00397 if (str) { 00398 if (strlen(str) > 0) { 00399 ret = 1; 00400 } 00401 free((void*)str); 00402 } 00403 return ret; 00404 } 00405 00406 00407 int 00408 parse_sc_soa_min_use(const char* cfgfile) 00409 { 00410 int ret = 0; 00411 const char* str = parse_conf_string(cfgfile, 00412 "//SignerConfiguration/Zone/SOA/Minimum", 00413 0); 00414 if (str) { 00415 if (strlen(str) > 0) { 00416 ret = 1; 00417 } 00418 free((void*)str); 00419 } 00420 return ret; 00421 } 00422 00423 00424 int 00425 parse_sc_nsec3_optout(const char* cfgfile) 00426 { 00427 int ret = 0; 00428 const char* str = parse_conf_string(cfgfile, 00429 "//SignerConfiguration/Zone/Denial/NSEC3/OptOut", 00430 0); 00431 if (str) { 00432 ret = 1; 00433 free((void*)str); 00434 } 00435 return ret; 00436 } 00437 00438 00439 int 00440 parse_sc_audit(const char* cfgfile) 00441 { 00442 int ret = 0; 00443 const char* str = parse_conf_string(cfgfile, 00444 "//SignerConfiguration/Zone/Audit", 00445 0); 00446 if (str) { 00447 ret = 1; 00448 free((void*)str); 00449 } 00450 return ret; 00451 } 00452 00453 00458 const char* 00459 parse_sc_soa_serial(allocator_type* allocator, const char* cfgfile) 00460 { 00461 const char* dup = NULL; 00462 const char* str = parse_conf_string( 00463 cfgfile, 00464 "//SignerConfiguration/Zone/SOA/Serial", 00465 1); 00466 00467 if (str) { 00468 dup = allocator_strdup(allocator, str); 00469 free((void*)str); 00470 } 00471 return dup; 00472 } 00473 00474 00475 const char* 00476 parse_sc_nsec3_salt(allocator_type* allocator, const char* cfgfile) 00477 { 00478 const char* dup = NULL; 00479 const char* str = parse_conf_string( 00480 cfgfile, 00481 "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt", 00482 1); 00483 00484 if (str) { 00485 dup = allocator_strdup(allocator, str); 00486 free((void*)str); 00487 } 00488 return dup; 00489 }